SSL Domain Renewal Constraints

rsharma · March 24, 2025, 6:28am

Dear Let's Encrypt Community,

We are reaching out to seek guidance on managing a large number of SSL domains. Currently, we have over 1,500 domains that require Domain Validation (DV) certificates.

However, we are facing challenges due to the rate limits imposed by Let's Encrypt, specifically:

50 SSL domain validations per 7 days
Renewal possible only after 30 days

Given these constraints, we estimate that we can only renew approximately 200 SSL domain certificates per month (50 domains/week * 4 weeks).

We would greatly appreciate it if you could review our requirements and suggest potential solutions or workarounds.

Thank you for your time and assistance.

orangepizza · March 24, 2025, 7:14am

a single certificate from LE allows up to 100 SNIs in them, you try fit more domains per certificate you request?

bruncsak · March 24, 2025, 7:25am

@rsharma, welcome to the community!

I do not know where you find the information about the renewal limit possibility only after 30 days. There is no such limit.

The 50 per week limit is not for domains, but for issued new certificates. One certificate may contain up to 100 identifiers, so you can have 5000 domains in one shoot without asking rate-limit exception.

Here is the documentation for the rate limits:

(I moved your topic into the the help category, that fits better.)

9peppe · March 24, 2025, 7:27am

50 certificates, and renewals don't count.

That's per registered domain, are all your domains under the same registered domain?

I'm not sure where you get this from, or why you'd want to renew an unexpired certificate

rsharma · March 24, 2025, 8:14am

Thanks for your reply, does it mean that we can renew multiple times without any cap. we have 1500+ distinct domain URLs.

9peppe · March 24, 2025, 8:17am

It means you should be using ARI in the near future.

But today it means you should not change what FQDNs are in which certificate when you renew.

webprofusion · March 25, 2025, 2:39am

Can you clarify if these certificates are for unique domains or if they are subdomains of a single domain?

I know someone managing (more than) 20000 certificates from a single machine, which would be 222 renewals per day if distributed over the typical 90 days lifespan. Out of interest, what ACME clients are you using to manage your pool of certificates?

Topic		Replies	Views
Please add note to Rate Limits documentation Site Feedback	1	1254	January 16, 2017
Rate Limits for Let's Encrypt Documentation	1	194244	March 26, 2016
Renewal Limitations Issuance Policy	6	3500	May 10, 2017
New rate limit question	22	8658	April 19, 2016
Rate Limits & Renewals Issuance Policy	5	2702	March 18, 2017

SSL Domain Renewal Constraints

Related topics